Tuesday, June 09, 2015

All your base are belong to Conficker - What I am reading - 6/9/2015

The Register - MS scolds businesses for failing to eradicate 7-year-old malware -

Aston and colleague Tim Rains, chief security advisor, WW Cybersecurity & Data Protection at Microsoft, cited figures that show one in five of Windows systems lack up-to-date anti-virus protection. Microsoft has contributed to a succession of take-down operations over recent years, but these normally focus on command and control systems rather than compromised devices.
Despite these takedown operations, Microsoft is “not trying to be a policeman”, according to Aston. The software giant is seeking to make it easier for organisations to clean up infected systems on their network, with a new program for exposing IP addresses for infected machines within organisations within its Azure console.

This seems like it should be simple to fix, and in the home environment it is - turn on automatic updates and let your antivirus software update every week and schedule scans. Business, not so much. I can't tell you how many times we have had a patch run for a month on our test servers, we push it out to our production servers, and then it kills one application on one machine in one district, and of course that's the critical application of the day.

Wired - Hacker Can Send Fatal Dose to Hospital Drug Pumps -

Altering the allowable limits of a particular drug simply meant that if a caregiver accidentally instructed the pump to give too high or too low a dosage, the pump wouldn’t issue an alert. This seemed much less alarming than if the pumps had vulnerabilities that would allow a hacker to actually alter the dosage itself.
Now Rios says he’s found the more serious vulnerabilities in several models of pumps made by the same manufacturer, which would allow a hacker to surreptitiously and remotely change the amount of drugs administered to a patient.

If I remember correctly, the villain in Stealing the Network: How to Own a Continent pulls this trick, but I might be misremembering. Anyway, people have been talking about this for a while, so I am surprised this is the first time it's been accomplished.

Pando - “These aren’t real journalists, Richard. They’re tech journalists.” Last night’s “Silicon Valley,” reviewed -

this gets to the heart of tech journalism’s problem. It’s less that tech reporters sit around withholding or providing praise based on who their employer’s investors are. Certainly, conflicts can and do arise between news outlets and the entities providing them money — particularly advertisers. But it rarely affects an individual reporter’s day-to-day decision-making. The real problem with the tech press is that it’s lazy. It’s far easier to let a PR firm tell you what’s important or newsworthy about a company than it is for the reporter to determine that on her own.

Uber? Seriously, does anyone really believe a jumped-up taxi company with a slightly better dispatch model is worth $50,000,000,000? A second point - the Gamergate crowd must have been jumping up and down with glee. They just essentially had their complaints of an incestuous, unethical relationship between tech journalists (easily extrapolated to game journalists) and the industry they cover validated.

Speaking of Uber - Forbes - Decoding Uber's Proposed $50B Valuation (And What It Means For You) -

If you assume a normalized long-term free cash flow margin of about 35% (yes, this is quite high, but Uber’s business model is very efficient), Uber’s $50 billion valuation means that they will need to generate about $35.7 billion dollars of gross revenue and about $7.1 billion dollars of net revenue to justify the recent valuation. Perhaps more interestingly, the company will have to have an annual growth rate of about 286% each year over the next five years to hit these numbers. To put those numbers into perspective for a moment, it means that Uber is currently valued at 125x trailing annual net revenue.
Uber’s massive market value surpasses 80%+ of all S&P 500 companies, many of which have been around for 20, 30, 50 or more years (Uber was started in 2009). 

The author goes on to explain why this might not be as crazy as it sounds, but I just have trouble believing this valuation.  Maybe I am wrong, maybe Uber really is worth more than some small nations and 80% of the companies in the world, but again I don't see how.

- I know it's been a while since I have done one of these. I get bored doing the same stories over and over, but it felt like time again.